Developing Applications Using Cisco Core Platforms and APIs (DEVCOR) — Question 56

An application has initiated an OAuth authorization code grant flow to get access to an API resource on behalf of an end user.
Which two parameters are specified in the HTTP request coming back to the application as the end user grants access? (Choose two.)

Answer options

• A. access token and a refresh token with respective expiration times to access the API resource
• B. access token and expiration time to access the API resource
• C. redirect URI a panel that shows the list of permissions to grant
• D. code that can be exchanged for an access token
• E. state can be used for correlation and security checks

Correct answer: D, E

Explanation

The correct answers are D and E. When the user grants access, an authorization code (D) is sent back, which can be exchanged for an access token. Additionally, the state parameter (E) is included for security and to correlate requests. Options A and B incorrectly suggest that access tokens or refresh tokens are returned directly in this step, which is not the case during the authorization code grant flow.